Link to home
Start Free TrialLog in
Avatar of WycombeAbbey
WycombeAbbeyFlag for United Kingdom of Great Britain and Northern Ireland

asked on

SCCM Windows Updates Fault due to WPAD File

I have setup and ran for many months SCCM R2. We use this for Windows updates, future software rollouts and general hardware/software reporting.
Recently with the addition of a new Hardware Based Web Filtering system a WPAD setting has had to be put in place for our non domain clients to redirect them through the new filtering system.
This has somehow had a negative effect on my domain clients scanning for windows updates and reporting back to the SCCM Server. When I run the “Troubleshooting 3 - Computers failing with a specific scan error“ report all domain clients report back as Scan failed with an error code of -2145107941. Needless to say my compliance reports come back as unknown.
If we remove/disable the WPAD then all domain clients scan without fault. I can then update all clients. We tested this a few times to be sure.
The WPAD file has to stay to accommodate the non domain clients.
Does anyone have an idea how I can get round this issue? I don’t want to move away from SCCM windows updating as it’s worked flawlessly until now.
Thank you
ASKER CERTIFIED SOLUTION
Avatar of rscottvan
rscottvan
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of WycombeAbbey

ASKER

Hello Rscottvan. Apologies for my late reply.

We have installed the Bloxx Hardware web filtering solution. The SCCM clients don't go to Microsoft for windows updates as the SCCM and WSUS server handles the updates distribution internaly.

From what I have read the SCCM Clients do not like proxy servers and cannot deal with authentication as it’s supposed to be a straight through communication from client to server. However with this WPAD file all communication is being routed through Bloxx first.

Thank you for the idea of a whitelist. I must admit I didn't think of this.

I will include the IP an NetBios names (if possible) of the WSUS and SCCM servers together with the http address of the WSUS to the white list and see what happens.

I will post again with my results.
Thank you very much. The idea about the whitelist helped me greatly. I can't think why I didn't think about this. Basicly I have added the IP , netbios name and FQDN of the SCCM server to our filtering system whitelist. This allowed all clients to communicate to the SCCM Server bypassing the filtering systems authentication process.